Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect problem [Closed]


  • This topic is locked This topic is locked

#1
allbow

allbow

    Member

  • Member
  • PipPip
  • 15 posts
Hi there,

I seem to be having a google redirect virus. The symptoms are that I get redirected when I google something. It only happens in Chrome, not IE.
I have done the following:
* run microsoft essentials
* run malwarebytes
* run spydoctor
* run hitman pro
* followed the google redirect how-to guide from this website (http://www.geekstogo...ogle-redirects/)

Now I am just following the instructions on how to post in this forum. I'd be grateful for any assistance! My OTL log follows:

OTL logfile created on: 8/20/2012 10:43:13 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Tani\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 45.89% Memory free
7.60 Gb Paging File | 5.19 Gb Available in Paging File | 68.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 74.62 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.18 Gb Free Space | 32.61% Space Free | Partition Type: NTFS

Computer Name: ALLBOW | User Name: Tani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/20 22:42:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tani\Downloads\OTL.exe
PRC - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/29 20:52:20 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/20 11:44:13 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\Tani\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/09 20:09:03 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/09 20:08:58 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/17 11:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2011/07/12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/23 19:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
PRC - [2011/01/23 19:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
PRC - [2010/11/03 14:43:56 | 000,176,128 | ---- | M] () -- C:\Users\Tani\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Tani\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Tani\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/11 15:22:06 | 000,255,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/12/11 15:22:04 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/12/11 14:58:56 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/12/09 01:37:14 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/09 00:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/10/01 05:08:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/26 18:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Tani\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 00:30:59 | 000,442,392 | ---- | M] () -- C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll
MOD - [2012/08/14 00:30:58 | 012,235,288 | ---- | M] () -- C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
MOD - [2012/08/14 00:30:57 | 003,997,720 | ---- | M] () -- C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
MOD - [2012/08/14 00:29:41 | 000,526,872 | ---- | M] () -- C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\libglesv2.dll
MOD - [2012/08/14 00:29:39 | 000,104,984 | ---- | M] () -- C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\libegl.dll
MOD - [2012/08/14 00:29:28 | 000,144,424 | ---- | M] () -- C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll
MOD - [2012/08/14 00:29:27 | 000,266,792 | ---- | M] () -- C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll
MOD - [2012/08/14 00:29:26 | 002,480,680 | ---- | M] () -- C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll
MOD - [2012/07/09 20:09:05 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 20:08:58 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/05/30 21:14:43 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/17 11:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
MOD - [2011/01/23 19:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
MOD - [2011/01/23 19:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
MOD - [2010/11/03 14:43:56 | 000,176,128 | ---- | M] () -- C:\Users\Tani\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxeddrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll
MOD - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEDsm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/08/19 23:52:05 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/02/29 15:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/25 21:32:55 | 009,464,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 19:01:08 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV:64bit: - [2010/04/14 14:01:15 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxedcoms.exe -- (lxed_device)
SRV:64bit: - [2009/11/09 00:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009/10/09 15:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/09/29 20:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/21 19:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 19:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/08/11 19:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/14 21:24:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/09 20:09:03 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/04/14 19:01:08 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV - [2010/04/14 14:00:56 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxedcoms.exe -- (lxed_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/11 15:22:06 | 000,255,336 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/12/11 15:22:04 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/12/10 14:11:00 | 000,161,128 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2009/12/10 14:11:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/12/09 01:37:14 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/10/01 05:08:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 15:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011/12/26 21:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/10/11 10:42:11 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/07/19 11:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 02:31:56 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.5.29055.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/07 22:09:48 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/07 22:09:43 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/09/07 22:09:43 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/09/07 22:09:43 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/09/07 22:09:43 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/04/02 14:28:30 | 000,038,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2010/01/20 17:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/01/20 09:14:06 | 000,682,040 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/12/10 14:11:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2009/12/10 14:11:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/12/03 04:45:22 | 000,300,080 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/01 14:44:40 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/12/01 02:48:30 | 000,293,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/11/21 03:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/20 02:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/29 17:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 15:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/09 15:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/10/05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/09/29 20:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/24 07:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/15 15:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/30 23:46:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:00 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/30 00:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 00:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/29 23:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/07 02:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/13 17:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/08/09 19:53:57 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020)
DRV - [2012/07/29 20:52:40 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/07/29 20:52:38 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2010/09/15 14:02:19 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101007.003\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/07 13:27:20 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4E567989-1859-4579-BBAE-43481F1BEFE7}
IE:64bit: - HKLM\..\SearchScopes\{4E567989-1859-4579-BBAE-43481F1BEFE7}: "URL" = http://www.bing.com/...c=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {E0CA0058-99C1-4298-B7CB-D8891072C913}
IE - HKLM\..\SearchScopes\{E0CA0058-99C1-4298-B7CB-D8891072C913}: "URL" = http://www.bing.com/...c=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-05-11 08:51:38&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tani\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Tani\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tani\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tani\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 11:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 20:09:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tani\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Tani\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Tani\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tani\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Cloud Reader = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_1\
CHR - Extension: YouTube = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/20 22:27:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\Tani\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CPU Thermometer] "C:\Program Files (x86)\CPU Thermometer\CPUThermometer.exe" -s File not found
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [googletalk] C:\Users\Tani\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [JFSW2Launch] C:\Users\Tani\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe ()
O4 - Startup: C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: usitc.gov ([itcxenweb.itcnet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: usitc.gov ([webapps] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{087E73E3-581C-488D-BA94-26EFAD317375}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CD2DC8F-9282-4394-8C5C-9FC7B0AF1358}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDDE7B0-09A6-411A-AD6D-128969693CD9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Tani\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Tani\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{63aedb42-8d92-11e0-b8c5-c417fef173c1}\Shell - "" = AutoRun
O33 - MountPoints2\{63aedb42-8d92-11e0-b8c5-c417fef173c1}\Shell\AutoRun\command - "" = D:\iStudio.exe
O33 - MountPoints2\{8b77d634-3e84-11df-89b3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8b77d634-3e84-11df-89b3-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 22:39:42 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\80419541.sys
[2012/08/20 22:37:14 | 000,000,000 | ---D | C] -- C:\Users\Tani\Desktop\GooredFix Backups
[2012/08/20 22:36:55 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Tani\Desktop\OTM.exe
[2012/08/20 22:36:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Tani\Desktop\GooredFix.exe
[2012/08/20 21:07:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/20 00:53:22 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\48715176.sys
[2012/08/20 00:53:04 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/08/20 00:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/08/19 23:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/08/19 23:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/19 23:50:43 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tani\Desktop\tdsskiller.exe
[2012/08/19 23:50:41 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\Tani\Desktop\HitmanPro36_x64.exe
[2012/08/17 21:54:35 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/17 21:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/17 21:54:34 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/17 21:54:31 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/17 21:54:31 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/17 21:54:31 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/17 21:54:28 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/17 21:54:26 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/17 21:53:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/17 21:53:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/17 21:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/17 21:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/17 20:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/08/17 20:41:00 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/08/17 20:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/08/17 20:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/17 20:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/17 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\TestApp
[2012/08/13 17:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/08/13 17:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/08/13 17:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/13 17:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/13 17:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/08/13 16:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPU Thermometer
[2012/08/11 17:50:47 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\Mozilla
[2012/07/31 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/07/31 19:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/20 22:49:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2233895362-2950881957-1043481839-1004UA.job
[2012/08/20 22:40:48 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 22:40:48 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 22:39:43 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\80419541.sys
[2012/08/20 22:38:12 | 000,795,628 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/20 22:38:12 | 000,673,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/20 22:38:12 | 000,125,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/20 22:36:40 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Tani\Desktop\GooredFix.exe
[2012/08/20 22:33:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 22:30:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/20 22:29:53 | 3060,547,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/20 22:27:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/20 22:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/20 22:15:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/20 21:53:12 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/08/20 21:05:17 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Tani\Desktop\OTM.exe
[2012/08/20 00:53:22 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\48715176.sys
[2012/08/20 00:53:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/08/20 00:38:05 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/08/19 23:49:16 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\Tani\Desktop\HitmanPro36_x64.exe
[2012/08/19 23:45:56 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tani\Desktop\tdsskiller.exe
[2012/08/17 22:18:17 | 000,002,252 | ---- | M] () -- C:\Users\Tani\Desktop\Kindle.lnk
[2012/08/17 21:54:35 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/17 21:54:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/17 20:42:12 | 002,167,819 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/08/17 18:00:25 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/17 11:49:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2233895362-2950881957-1043481839-1004Core.job
[2012/08/16 18:46:14 | 000,421,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/13 17:43:28 | 000,000,959 | ---- | M] () -- C:\Users\Tani\Desktop\Core Temp.lnk
[2012/08/11 13:44:10 | 000,000,610 | ---- | M] () -- C:\SISTodo
[2012/08/11 13:44:10 | 000,000,006 | ---- | M] () -- C:\SISHashTodo
[2012/08/08 07:38:37 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/05 13:56:44 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/20 00:37:56 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/08/17 21:54:35 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/17 21:54:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/17 20:41:06 | 002,167,819 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/08/17 18:00:25 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 17:43:28 | 000,000,959 | ---- | C] () -- C:\Users\Tani\Desktop\Core Temp.lnk
[2012/08/11 13:44:10 | 000,000,610 | ---- | C] () -- C:\SISTodo
[2012/08/11 13:44:10 | 000,000,006 | ---- | C] () -- C:\SISHashTodo
[2012/05/18 14:06:17 | 000,173,080 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/05/18 14:06:17 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/05/18 13:24:47 | 000,173,052 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012/05/18 13:24:47 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/02/23 23:51:32 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/19 19:48:58 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2011/10/19 19:48:58 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2011/10/19 19:48:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2011/10/19 19:48:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2011/10/19 19:48:57 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2011/10/19 19:48:57 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2011/10/19 19:48:57 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2011/10/19 19:48:57 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2011/10/19 19:48:57 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2011/10/19 19:48:57 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2011/10/19 19:48:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2011/10/19 19:48:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2011/10/19 19:48:56 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2011/10/19 19:48:56 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2011/10/19 19:48:56 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2011/10/19 19:48:56 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedih.exe
[2011/10/19 19:48:55 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2011/10/19 19:48:55 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcoms.exe
[2011/10/19 19:48:55 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[2011/10/19 19:48:54 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2011/10/19 19:48:54 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcfg.exe
[2011/09/09 20:38:57 | 000,003,584 | ---- | C] () -- C:\Users\Tani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/01 12:29:14 | 000,000,446 | RHS- | C] () -- C:\Users\Tani\ntuser.pol
[2011/03/15 21:25:58 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2011/03/15 21:25:58 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2011/02/13 21:58:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011/02/13 21:58:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2011/02/13 21:58:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2011/01/24 00:09:20 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/12/30 16:19:10 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll
[2010/12/30 16:19:10 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2010/12/30 16:19:10 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx13_ic.ini
[2010/12/30 16:19:09 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SARzilla.dll
[2010/12/30 16:19:09 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
[2010/10/24 20:53:09 | 000,010,050 | ---- | C] () -- C:\Windows\hpdj3500.ini
[2010/09/12 21:18:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2010/09/08 20:30:06 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Canon
[2012/03/04 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\com.Shutterfly.ExpressUploader
[2010/11/23 22:42:10 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\DeLorme
[2012/07/20 15:09:01 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Dropbox
[2010/12/29 21:22:44 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\ICAClient
[2012/02/20 13:33:51 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\IrfanView
[2012/07/11 16:37:43 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\JabRef 2.8.1
[2010/09/07 22:10:19 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Lenovo
[2012/07/20 19:16:16 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\OverDrive
[2011/05/02 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\PCDr
[2010/12/30 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Softinterface, Inc
[2010/10/21 21:37:00 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Stata10
[2012/08/17 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\TestApp
[2010/09/16 20:01:32 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\TP
[2011/02/22 23:35:27 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Transcend
[2011/05/02 21:03:59 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Update
[2010/10/26 09:36:31 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Windows Live Writer
[2012/08/08 07:38:37 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/22 23:35:15 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/20 21:53:12 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets run this little programme first to see if it clears it

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#3
allbow

allbow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
hi there,


thanks for answering my question so fast! i ran the program as you requested. however the first time i ran it i didn't find the log file. i ran the program a second time and found the log file this time. so i don't know if all that affects what you are looking for. i'm attaching the log file now. thanks again!


# AdwCleaner v1.801 - Logfile created 08/21/2012 at 22:16:36
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Tani - ALLBOW
# Boot Mode : Normal
# Running from : C:\Users\Tani\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9354 octets] - [21/08/2012 20:57:40]
AdwCleaner[S2].txt - [746 octets] - [21/08/2012 22:16:36]

########## EOF - C:\AdwCleaner[S2].txt - [873 octets] ##########
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects still occuring ?
  • 0

#5
allbow

allbow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
yes they are. sorry for not updating on that.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you being redirected to a specific site or is it random ?

Could you start Chrome in the Incognito mode to see if that stops them
Details here
  • 0

#7
allbow

allbow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
yes - incognito stops them.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK now comes the tedious bit

First do you recognise this extension Cloud Reader if not then disable it and run Chrome as normal are the redirects still apparent ?
  • 0

#9
allbow

allbow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ok i'm looking (chrome\tools\settings, right?) and i don't have it.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will quarantine that now and after the reboot if you could try Chrome again

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :Files
    C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements


#11
allbow

allbow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
sorry - to clarify. i didn't see the extension in chrome, therefore i didn't do anything at all (and obviously i'm still getting redirects).
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you run the OTL fix, that will remove the extension to quarantine and then reboot. Once done could you check for redirects
  • 0

#13
allbow

allbow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
somehow my log files don't always pop up upon reboot. is there a way to recover the log file if it doesn't show up automatically? i ran it and i'm still getting redirects.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it should be in the same location as OTL

Could you now disable all extensions on chrome..
Check for redirects.
If there are none then re-enable one at a time checking in between
When you find the culprit let me know which extension it is and I will remove it
  • 0

#15
allbow

allbow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
i have two extensions, one called "default extension" and one called "avast! WebRep". the "default extension" one is the one giving me redirects (the other one does not).

btw i have otl directly on my desktop and nothing looking like a log file has a recent time stamp on it.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP